09/26/2024 | Press release | Distributed by Public on 09/26/2024 12:51
September 26, 2024, Covington Alert
On September 26, 2024, the U.S. Department of Commerce's Bureau of Industry and Security ("BIS") published a Notice of Proposed Rulemaking ("NPRM" or "Proposed Rule") that would, if implemented as proposed, prohibit the import of certain hardware related to Vehicle Connectivity Systems ("VCS") from the People's Republic of China ("PRC") and Russia. The Proposed Rule would further prohibit the sale or import of connected vehicles ("CVs") that incorporate certain software related to VCS or Automated Driving Systems ("ADS"). As drafted, the Proposed Rule could have broad-reaching implications for the automotive industry as it will impose a significant new compliance burden on manufacturers and importers and reshape automotive supply chains.
Background
On February 29, 2024, BIS released an advanced notice of proposed rulemaking ("ANPRM") to "investigate the national security risks from connected vehicles that incorporate technology from countries of concern, including China, and consider regulations to address those risks." In the ANPRM, BIS described the national security concerns associated with information and communications technology and services ("ICTS") found in connected vehicles, including the potential exploitation of technology and data by foreign adversaries, and previewed that in light of such risks, BIS was considering regulating an entire class of transactions involving ICTS in connected vehicles. Such regulations would be consistent with authority granted by E.O. 13873 (the "ICTS EO"), which allows the Department of Commerce to not only investigate certain ICTS transactions on a case-by-case basis, but also to categorically prohibit or restrict certain classes of transactions that pose an unacceptable risk to U.S. national security (See Covington alert). The ANPRM was subject to a public comment period, after which BIS further developed and defined the scope of the proposed prohibitions, as reflected in the Proposed Rule.
While the Proposed Rule and accompanying commentary signal that the clear direction of U.S. policy is toward greater regulation of automotive companies and technology for purposes of addressing U.S. national security concerns, principally focused on China, the NPRM also reflects that BIS considered the public comments submitted in response to the ANPRM and sought to develop a more narrow and tailored Proposed Rule than initially contemplated in the ANPRM. In particular, and as detailed below, the Proposed Rule is focused on the hardware and software components that comprise VCS as well as the software that comprises ADS. Other hardware and software components that may be found within a connected vehicle, but not within one of those two systems, will for now fall outside the scope of the contemplated prohibitions. At the same time, the Proposed Rule as drafted could impose a significant burden across companies in the automotive industry ranging from component suppliers to manufacturers and sellers of completed connected vehicles.
Prohibitions and Compliance Requirements
The Proposed Rule would, absent a General or Specific Authorization:
Prohibitions (1) through (3) would apply when such VCS hardware or covered software is designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia. Prohibition (4) would apply regardless of whether the hardware or software was designed, developed, manufactured, or supplied by persons owned by, controlled by, or subject to the jurisdiction or direction of the PRC or Russia.
The prohibitions on the import or sale of connected vehicles that incorporate covered software would take effect for Model Year 2027 (i.e., model year 2027 vehicles), and the prohibitions on the import of VCS hardware would take effect for Model Year 2030 (i.e., model year 2030 vehicles), or January 1, 2029, for hardware not associated with a specific model year.
Key Definitions
General Authorizations, Specific Authorizations, and Advisory Opinions
The Proposed Rule provides general authorizations to allow certain parties, such as small producers of vehicles, to undertake otherwise prohibited transactions in order to "minimize unanticipated and unnecessary disruption to industry."
Specifically, general authorizations for prohibited transactions will exist under limited circumstances where:
Additionally, BIS will consider specific authorizations, which, following an application to and approval by BIS, grant VCS hardware importers and connected vehicle manufacturers the ability to engage in otherwise prohibited transactions, including because the associated undue or unacceptable risks have been, or can be, mitigated.
The Proposed Rule also indicates that BIS will establish an advisory opinion process to allow VCS hardware importers and connected vehicle manufacturers to seek guidance from BIS on whether a prospective transaction may be prohibited.
Declarations of Conformity
Parties who import non-prohibited VCS hardware or import or sell vehicles that incorporate non-prohibited covered software will be required to submit "declarations of conformity" to BIS covering all relevant VCS hardware and each group of relevant model year vehicles, to confirm that such VCS hardware is not prohibited or that such vehicles do not incorporate prohibited covered software, as applicable. Declarations of conformity will be required to include relevant hardware bills of materials and software bills of materials and will be required to be submitted annually or whenever there is a material change.
Penalties
Persons who violate, attempt to violate, conspire to violate, or knowingly cause a violation of the rule, once finalized, may be subject to civil and/or criminal penalties under the International Emergency Economic Powers Act ("IEEPA") (50 U.S.C. 1705), depending on the circumstances of the violation. Potential violations of the Proposed Rule (once finalized) that would be subject to penalties include engaging in a prohibited transaction without an applicable general authorization or specific authorization, or failure to abide by the conditions enumerated in a specific authorization. At the time of publishing of the Proposed Rule, the maximum civil penalty for violations of IEEPA is $368,136 per violation and the maximum criminal penalty is $1,000,000. Under the Proposed Rule, should BIS have reason to believe that a violation has occurred and intends to issue a civil monetary penalty, it will inform the alleged violator through a written notice of the intent to impose a penalty ("Pre-Penalty Notice"). Recipients of such notice will have the opportunity to respond in writing and provide additional information to contest the penalty within 30 days for the transmission of the original pre-penalty notice.
Next Steps
If, following consideration of comments received on this proposed rule, BIS issues a final rule to adopt the proposal, that final rule will take effect 60 days after publication in the Federal Register. Comments to the Proposed Rule are due October 28, 2024.
If you have any questions concerning the material discussed in this client alert, please contact the members of our CFIUS practice.